Issues that are fixed

Installations downloaded between March 22 and March 24, 2017

The following issues are resolved for installations or downloads of version 1702 performed between March 22 and March 24, 2017.

When you try to create a Microsoft Intune subscription, you receive an exception in the Configuration Manager console. The Details portion of the exception resembles the following:System.InvalidCastException
Unable to cast COM object of type ‘System.__ComObject’ to interface type ‘CERTENROLLLib.CX509PrivateKey’. This operation failed because the QueryInterface call on the COM component for the interface with IID ‘{728AB362-217D-11DA-B2A4-000E7BBB2B09}’ failed due to the following error: No such interface supported (Exception from HRESULT: 0x80004002 (E_NOINTERFACE)).

The automatic client upgrade process for clients may fail. Errors resembling the following are recorded in the ccmsetup.log on the target clients:Failed to delete the ccmsetup service (0x80070430)

Errors that resemble the following are recorded in the UpdateDeployment.log on computers that have the Management Point role installed:Job error (0x8007007f) received for assignment ({guid}) action
Updates will not be made available UpdatesDeploymentAgent
Job error (0x8007007f) received for assignment ({guid}) action
Updates will not be made available

The required software updates dialog box in Software Center incorrectly states “Required software changes have been made on this computer” before changes are applied.

Internet-facing clients are unable to check compliance with device compliance policies, even when an Internet-facing Management Point or Cloud Management Gateway is available. Errors resembling the following are recorded in the ComplRelayAgent.log file:Failed to retrieve AAD token. Error Details: An ADAL exception occurred while acquiring a token
Error: Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: Federated service at https://{url} returned error: See inner exception for detail. —> System.Net.WebException: The remote server returned an error: (401) Unauthorized. —> System.ComponentModel.Win32Exception: The system cannot contact a domain controller to service the authentication request. Please try again later.

Installations downloaded between March 25 and April 4, 2017

The following issues are resolved for installations or downloads of version 1702 performed between March 25 and April 4, 2017.

Administrators cannot edit the Task Sequence application property Allow this application to be installed from the Install Application Task Sequence action without being deployed when the deployment type may require user interaction.

Task sequences with the option to Download all content locally before starting task sequence enabled may not run on non-English operating systems.

The User Notifications tab of a Task Sequence property may not appear if third-party administrator console extensions are installed.

Editing a compliance rule for a Mobile Device Configuration Policy results in modifications to additional policy elements. For example, adjusting the “Number of passwords remembered” setting also results in an unintentional change to the “Number of complex character sets required in password” setting.

The SMS Agent Host service (ccmexec) may stop on computers following in-place upgrade of the operating system. This issue can occur if the folder %windir%\system32\tasks\Microsoft is missing after the upgrade.

Enrolled Android devices, other than Samsung Knox devices, are not displayed in the Administrator Console.

Password Compliance rules added to support Android for Work are available on other platforms but only exposed when Android for Work is selected in the rule properties.

Upgrade Readiness data may not be processed on the site server. Errors resembling the following are recorded in the hman.log file on the site server.*** exec dbo.spOMSUpgradeAnalytics…
*** [42000][9420][Microsoft][SQL Server Native Client 11.0][SQL Server]XML parsing: line 3180, character 10, illegal xml character : spOMSUpgradeAnalytics
Failed to execute [C:\Program Files\Microsoft Configuration Manager\inboxes\hman.box\CFD\ConfigMgr.OMSUpgradeAnalytics_{datecode}.OMS]

Bulk enrollment of devices to Microsoft Intune fails.

After you upgrade to version 1702, application installation may fail on clients. Errors that resemble the following are recorded in the AppEnforce.log file. This indicates that the client is looking for the installation executable file in the wrong location. This occurs for applications that were created before the upgrade to version 1702.App enforcement environment: Content: MachineCommand line: “Install TestApp.exe”…
Prepared working directory: C:\windows\system32
Invalid executable file “Install TestApp.exe”

Configuration Manager clients may try repeatedly to download data for deleted policies.Clearing the proxy as no proxy address has been set
ERROR: TaskManager: Task [CreateDeployment for service {guid}] has failed. Exception Microsoft.ConfigurationManager.AzureManagement.FailedToCommunicateToServiceException, Failed to contact Azure service.

A defined proxy server is not used as expected when you try to install a Cloud Distribution Point. Errors that resemble the following are recorded in the CloudMgr.log file:

Update information for System Center Configuration Manager, version 1702

This update is available in the Updates and Servicing node of the Configuration Manager console for environments that were installed by using first wave (Fast Ring) builds of version 1702 downloaded between March 22 and April 4, 2017.

To verify which first wave build is in use, look for a Package GUID by adding the Package GUID column to the details pane of the Updates and Servicing node in the console. The update applies to first wave installations of version 1702 from packages that have the following GUIDs:

0FB0A697-662D-45C2-A96C-8C95E5944DF7

2DC025B9-AF2F-4F22-A477-33F19C16C14C

This update does not apply to first wave installations of version 1702 from packages that have the following GUID as they are already up to date:

82258EB9-88F1-427A-8B42-5A5C7FD185FF

Restart information

You do not have to restart the computer after you apply this update.

Update replacement information

This update does not replace any previously released update.

Additional installation information

After you install this update on a primary site, pre-existing secondary sites must be manually updated. To update a secondary site in the Configuration Manager console, click Administration, click Site Configuration, click Sites, click Recover Secondary Site, and then select the secondary site. The primary site then reinstalls that secondary site by using the updated files. Configurations and settings for the secondary site are not affected by this reinstallation. The new, upgraded, and reinstalled secondary sites under that primary site automatically receive this update.

Run the following SQL Server command on the site database to check whether the update version of a secondary site matches that of its parent primary site: